Protecting your business from the scourge of ransomware

Opinion by David Maclean

Recent ransomware attacks are increasing the pressure on organisations to be more compliant. With the EU's General Data Protection Regulation (GDPR) due to come into effect in May 2018, now is the time to ensure your operation is a secure environment.

According to the Gowling WLG Digital Risk Calculator, three quarters of surveyed European business leaders now consider a security breach a high risk to their business. Europol recently reported that global ransomware attacks soared by over 11 percent in the 12 months to March 2017.

Ransomware preys on emotion, directly extracting money from individual victims or entire organisations. Cyber-criminals infect devices, block access and then demand money. Unfortunately, there is no silver bullet to combat the problem. However, there are steps that can be taken to minimise risk and stop the spread of infection.

Shut it down
Prevention is better than cure, but ransomware is very difficult to combat. In the short term, the best action organisations can take is to limit the spread of infection by shutting down their systems before determining the initial compromised source. Isolating the infected area will minimise widespread destruction.

Back it up
Regular data backups are vital and should be central to day-to-day operations. When backups are executed properly, data also remains secure if devices unexpectedly fail. Successful ransomware attacks can occasionally encrypt the files on backups as well, so it is worth using drives that are offline and entirely out of the potential line of fire.

Use inspection systems
SSL/TLS visibility solutions can inspect traffic on behalf of security devices, and can filter and monitor emails for phishing attacks, all within encrypted traffic flows that may be hiding malware. Organisations should always have systems in place to detect ransomware based on specific behaviours. If an attack occurs and an account is compromised, it is important to quickly restrict administrative privileges to contain the damage.

Perform regular software updates
Keeping software fully up to date should be standard procedure to minimise risk, but is frequently overlooked due to complacency or delayed investment. Many applications and operating systems have an automatic update feature. Ignore update requests at your peril. If an application does not update automatically, make sure it is performed manually on a regular basis.

Be vigilant with downloads
Visibility over files downloaded from the internet and received via email is essential. Staff need to be educated on best practice, including downloading files only from trusted sources and being wary of emails and links from unfamiliar sources. Err on the side of caution, implement a culture of safety first and encourage people to seek help if uncertain. People are often the weakest link in an organisation's cyber-security plan, so continual user cyber-security education and training is required to combat costly and time-consuming security breaches.

Don't pay!
It is always tempting to pay a ransom. Don't do it. Every bitcoin transferred to cyber-criminals only builds their confidence and potentially exacerbates the problem for the future. Remember, creating and spreading ransomware and demanding a ransom for decrypting your data are actions that are defined as criminal in most countries around the globe. Therefore, report incidents immediately to the police and authorities.

Initiatives such as NoMoreRansom have been developed by law enforcement and IT security companies to disrupt cyber-criminal businesses with ransomware connections. The website offers help to victims of ransomware and helps to retrieve encrypted data.  

Hackers are increasingly using ransomware to hold sensitive corporate data hostage. The most effective actions you can take include employing an integrated security strategy, limiting the initial spread of infection by addressing vulnerabilities quickly, updating systems with the latest security solutions, and maintaining a rigorous data defence policy to keep your business compliant. 

Contributed by David Maclean, systems engineer at F5 Networks

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.
